Has your router been hijacked? How to check its settings

Check your router often to make sure it is safe to use

Your computer and your router can be attacked by hackers and malware and they can cause havoc with your internet connection. You need to check your router asap to see if you have been compromised.

The Domain Name System

When we want to visit a website, such as Google, we type google.com into the address box of a web browser. Browsers and computers do not use domain names like google.com and instead, they use IP addresses.

An IP address consists of four numbers between 0 and 255 like this: 216.58.198.110. In order to go to the Google website when you type google.com into the address box of a browser, it communicates with a DNS (Domain Name System) server, which supplies the IP address. The browser can then access the web server using this IP number and get the Google home page.

The computer needs to know the address of a DNS server in order to query it when it needs to know the IP address of a website. It can get this information from the router. If you do not manually specify which DNS servers to use, and most people don't, the ones stored in the router are used.

Changing DNS servers

Now imagine malware or a hacker got into the router or computer settings and changed the DNS server addresses to its own. These will be used by the computer and web browser and then all internet traffic will be directed through the servers provided by the malware or hacker.

This would mean instead of going to websites you think are safe, such as your online bank, eBay, PayPal, and other places, you are redirected without you knowing to a site operated by the malware or hacker. Login details could then be stolen.

DNS hijacking could also be used to change the content in web pages, such as adverts. This would then earn money for the perpetrators.

This is a serious security problem called DNS poisoning or DNS hijacking and it has been known to happen. It isn't just theoretical.

We looked at manually changing DNS servers in a previous article, and malware can do this too, although not for speed and performance. Quite the opposite.

Check your router

You can easily check that your router is OK and that safe DNS servers are being used using Router Checker from the security company, F-Secure.